{"id":21044642,"url":"https://github.com/tripflex/cpsetup","last_synced_at":"2025-06-13T21:02:13.765Z","repository":{"id":21942107,"uuid":"25266584","full_name":"tripflex/cpsetup","owner":"tripflex","description":"Intuitive bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with ConfigServer Firewall, MailManage, MailQueue, Malware Detect, ClamAV, mod_cloudflare, CloudFlare RailGun, and many more applications and security tweaks","archived":false,"fork":false,"pushed_at":"2019-05-22T23:43:08.000Z","size":810,"stargazers_count":46,"open_issues_count":3,"forks_count":38,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-03T12:52:18.585Z","etag":null,"topics":["bash","clamav","cloudflare-railgun","configserver","configserver-firewall","cpanel","cpanel-tweak-settings","installer","setup","shell"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tripflex.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-10-15T17:57:19.000Z","updated_at":"2024-11-23T03:53:23.000Z","dependencies_parsed_at":"2022-08-17T23:45:28.930Z","dependency_job_id":null,"html_url":"https://github.com/tripflex/cpsetup","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tripflex%2Fcpsetup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tripflex%2Fcpsetup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tripflex%2Fcpsetup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tripflex%2Fcpsetup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tripflex","download_url":"https://codeload.github.com/tripflex/cpsetup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254388363,"owners_count":22063037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","clamav","cloudflare-railgun","configserver","configserver-firewall","cpanel","cpanel-tweak-settings","installer","setup","shell"],"created_at":"2024-11-19T14:18:01.353Z","updated_at":"2025-05-15T17:33:01.321Z","avatar_url":"https://github.com/tripflex.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"cpSetup\n=======\n\n\u003cstrong\u003eAuthor:\u003c/strong\u003e Myles McNamara\u003cbr/\u003e\u003cstrong\u003eVersion:\u003c/strong\u003e 1.5.0\u003cbr/\u003e\u003cstrong\u003eLast Update:\u003c/strong\u003e May 22, 2019\n\n\u003cstrong\u003ecpsetup\u003c/strong\u003e is a custom bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with a wide range of applications, plugins, and modules. This script will also install cPanel if it's not already installed.\n\nEach installation and configuration/hardening is organized into functions. By default running the script without any arguments will prompt for each install/configuration as well as prompt for any required configs (email, api key, etc).\n\nYou can also run any of the available functions individually ... to see a list of functions available, execute this command:\n\n```bash\n./cpsetup --functions\n```\n\nUsage\n=====\n\n```bash\nwget https://github.com/tripflex/cpsetup/raw/master/cpsetup\nchmod +x cpsetup\n./cpsetup\n```\n\n\u003ctable border=\"0\"\u003e\n\u003ctr\u003e\n\u003ctd width=\"60%\"\u003e\n\u003ch4\u003eFeatures Include:\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eInstall ClamAV from Source (CentOS 7+)\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin\" target=\"_blank\"\u003eLet's Encrypt for cPanel AutoSSL\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://www.afterlogic.org/docs/webmail-lite/installation/install-on-cpanel\" target=\"_blank\"\u003eAfterLogic WebMail Lite\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://configserver.com/cp/cse.html\" target=\"_blank\"\u003eConfigServer Explorer\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://configserver.com/cp/cmm.html\" target=\"_blank\"\u003eConfigServer MailManage\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://configserver.com/cp/cmq.html\" target=\"_blank\"\u003eConfigServer MailQueues\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://configserver.com/cp/csf.html\" target=\"_blank\"\u003eConfigServer Firewall\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://configserver.com/cp/cmc.html\" target=\"_blank\"\u003eConfigServer ModSecurity Control\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.configserver.com/free/mailscanner.html\" target=\"_blank\"\u003eConfigServer MailScanner\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://configserver.com/cp/cxs.html\" target=\"_blank\"\u003eConfigServer Exploit Scanner\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.rfxn.com/projects/linux-malware-detect/\" target=\"_blank\"\u003eR-fx Malware Detect\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://www.softaculous.com/\" target=\"_blank\"\u003eSoftaculous\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.ndchost.com/cpanel-whm/addons/watchmysql/\" target=\"_blank\"\u003eWatchMySQL\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://github.com/major/MySQLTuner-perl\" target=\"_blank\"\u003eMySQL Tuner\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf\" target=\"_blank\"\u003ecPanel mod_cloudflare\u003c/a\u003e (\u003ca href=\"https://github.com/tripflex/cloudflarecp\" target=\"_blank\"\u003ecloudflarecp\u003c/a\u003e)\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.cloudflare.com/railgun\" target=\"_blank\"\u003eCloudFlare RailGun\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eInstall yum terminal colors\u003c/li\u003e\n \u003cli\u003e\u003ca href=\"https://www.cloudflare.com/docs/railgun/installation.html\" target=\"_blank\"\u003eConfigure/Setup CloudFlare RailGun\u003c/a\u003e\u003c/li\u003e\n \u003cli\u003eConfigure CloudFlare RailGun and MemCached (using socket)\u003c/li\u003e\n \u003cli\u003eUpdate Firewall Allow list with CloudFlare IPs\u003c/li\u003e\n \u003cli\u003eUpdate Firewall Configuration\u003c/li\u003e\n \u003cli\u003eUpdate SSH Configuration ( Port, and UseDNS )\u003c/li\u003e\n \u003cli\u003eUpdate cPanel Configurations\u003c/li\u003e\n \u003cli\u003eUpdate Pure FTP Configurations\u003c/li\u003e\n \u003cli\u003eUpdate cPanel Tweak Settings\u003c/li\u003e\n \u003cli\u003eUpdate MySQL Settings\u003c/li\u003e\n \u003cli\u003eUpdate PHP Settings\u003c/li\u003e\n \u003cli\u003eUpdate Apache Global Configuration\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDeprecated (but still available) Features/Functions:\u003c/h4\u003e\n\u003cul\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.ndchost.com/cpanel-whm/addons/accountdnscheck/\" target=\"_blank\"\u003eAccount DNS Check\u003c/a\u003e* (depreciated)\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"http://how2.be/en/community/phpinimgr/\" target=\"_blank\"\u003ePHP.ini Manager\u003c/a\u003e* (depreciated)\u003c/li\u003e\n \u003cli\u003eInstall \u003ca href=\"https://www.ndchost.com/cpanel-whm/addons/cleanbackups/\" target=\"_blank\"\u003eClean Backups\u003c/a\u003e* (depreciated)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFuture Enhancements:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou tell me, open up an issue and suggest a new feature!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/td\u003e\n\u003ctd width=\"40%\"\u003e\n\u003cp align=\"center\"\u003e\u003cimg src=\"screenshot.png\"\u003e\u003c/p\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\nDepreciated Functions/Installs (*)\n----------------\n\n| Name | Reason |\n|---|---|\n| Account DNS Check | Reported to no longer work on CentOS 7, or WHM \u003e 11.52 |\n| PHP.INI Manager | WHM now has built in handling, and unsure of status of plugin |\n| Clean Backups | No longer works or updated? |\n\n\u003e I decided to remove these from the auto install process because I either do not know the status of them (compatibility wise) with WHM,\n\u003e they are not compatible with latest release, or because the developers either do not provide ANY changelog, or even if they do,\n\u003e they don't even date the versions, which IMO is sloppy dev work, and as such, they do not belong in the auto install process.\n\n\nAvailable Arguments\n-------------------\n\n```\ncpsetup - sMyles cPanel Setup Script\nUsage example:\n./cpsetup [(-h|--help)] [(-v|--verbose)] [(-V|--version)] [(-u|--unattended)] [(-m|--menu)] [(-r|--run) value] [(-R|--functions)]\nOptions:\n-h or --help: Displays this information.\n-v or --verbose: Verbose mode on.\n-V or --version: Displays the current version number.\n-u or --unattended: Unattended installation ( bypasses all prompts ).\n-r or --run: Run a specific function.\n-R or --functions: Show available functions to use with -r or --run command.\n```\n\nFirewall Updates\n----------------\n\n| Option | Original Value | New Value |\n|-------------------|----------------|-----------|\n| `RESTRICT_SYSLOG` | 0 | 3 |\n| `SMTP_BLOCK` | 0 | 1 |\n| `LF_SCRIPT_ALERT` | 0 | 1 |\n| `SYSLOG_CHECK` | 0 | 1800 |\n| `PT_ALL_USERS` | 0 | 1 |\n\nSSH Updates\n-----------\n\nAny options that have `(prompt)` means you will be prompted to specify your own custom value if `-u` was not used as an argument.\n\n| Option | Original Value | New Value |\n|----------|----------------|--------------|\n| `Port` | 22 | 222 (prompt) |\n| `UseDNS` | yes | no |\n\ncPanel Config Updates\n---------------------\n\n| Option | Original Value | New Value |\n|----------------------------|----------------|-------------------------|\n| Shell Fork Bomb Protection | Disabled | Enabled |\n| Compiler Access | Enabled | Disabled |\n| Root Forwarder Email | None | User Specified (prompt) |\n\nPure FTP Updates\n----------------\n\n| Option | Original Value | New Value | Result |\n|-----------------------|----------------|-----------|--------------------------|\n| `RootPassLogins` | yes | no | Can't login with root pw |\n| `AnonymousCantUpload` | no | yes | Anonymous can't upload |\n| `NoAnonymous` | no | yes | Anonymous can't login |\n\ncPanel Tweak Settings Updates\n-----------------------------\n\n| Option | Original Value | New Value |\n|--------------------------------------|----------------|-----------|\n| BoxTrapper | Enabled | Disabled |\n| Referrer Blank Sanity Check | Disabled | Enabled |\n| Referrer Safety Check | Disabled | Enabled |\n| Hide Login PW from CGI Scripts | Disabled | Enabled |\n| Max Emails Account Can Send Per Hour | Unlimited | 199 |\n| Restrict outgoing SMTP to root, exim, and mailman | Enabled | Disabled |\n| Proxy Subdomains (whm.example.com, etc)| Enabled | Disabled |\n\nMySQL Settings Updates\n----------------------\n\n| Option | Original Value | New Value |\n|--------------|----------------|-----------|\n| local-infile | 1 | 0 |\n\nPHP Configuration Updates\n-------------------------\n\n| Option | Original Value | New Value |\n|-------------------|----------------|------------------------------------------------------------------------------------------------------|\n| enable_dl | On | Off |\n| disable_functions | None | show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set |\n\nApache Global Configuration Updates\n-----------------------------------\n\n| Option | Original Value | New Value |\n|------------------|----------------|-------------|\n| Server Signature | On | Off |\n| Server Tokens | All | ProductOnly |\n| Trace Enable | On | Off |\n\nCloudFlare RailGun Configuration\n--------------------------------\n\n| Option | Original Value | New Value |\n|-------------------------|----------------------------|-----------------------------------|\n| memcached.servers | /tmp/memcached.sock | /var/run/memcached/memcached.sock |\n| activation.railgun_host | YOUR_PUBLIC_IP_OR_HOSTNAME | (user defined) |\n| activation.token | YOUR_TOKEN_HERE | (user defined) |\n\nCloudFlare RailGun MemCached Configurations\n-------------------------------------------\n\n| Option | Original Value | New Value |\n|-----------|----------------|--------------------------------------|\n| PORT | 11211 | 22222 |\n| USER | memcached | memcached |\n| MAXCONN | 1024 | 20480 |\n| CACHESIZE | 64 | 4096 |\n| OPTIONS | | -s /var/run/memcached/memcached.sock |\n\n### Caution\n\nUse at your own risk, if you don't know what you're doing you should probably not be using this script. Myself and any contributors to this project take absolutely no responsibility for anything you do with this script. I **strongly** recommend reading the script so you understand what it does before using.\n\n# Change Log\n\n## [1.5.0](https://github.com/tripflex/cpsetup/tree/v1.5.0) (May 22, 2019)\n[Full Changelog](https://github.com/tripflex/cpsetup/compare/v1.4.0...v1.5.0)\n\n**Implemented enhancements:**\n- Replace `disable_functions` in all `/opt/cpanel/ea-phpXX/root/etc/php.ini` where `XX` is PHP version\n- Replace `enable_dl` in all `/opt/cpanel/ea-phpXX/root/etc/php.ini` where `XX` is PHP version\n- Added `installJetBackup` function (not called by default)\n- Updated ClamAV version to 0.101.2\n- Updated ClamAV install from source now uses init for CentOS 7+\n- Added libjson-c-dev libcurl-devel for clamsubmit support\n- Added version output in header display\n\n**Bug Fixes:**\n- Fixed PHP replacement for `disable_functions` not replacing entire line if functions already defined\n- Removed never implemented `-m` and `--menu` args\n- Check for `-R` or `--functions` at start of script execution\n- Updated Y/N check to y/N to signify N as default when nothing entered\n\n## [1.4.0](https://github.com/tripflex/cpsetup/tree/v1.4.0) (Feb 1, 2017)\n[Full Changelog](https://github.com/tripflex/cpsetup/compare/v1.3.3...v1.4.0)\n\n**Implemented enhancements:**\n\n- Added AfterLogic WebMail Lite installer\n- Added Let's Encrypt AutoSSL for cPanel installer\n- Added import for CloudFlare new public key\n- Added Disable Proxy Subdomains (whm.example.com, etc) to harden config call\n- Added Disable SMTP Restrictions to harden config call (when using CSF this should NOT be enabled)\n- Use hostname if nothing set at prompt or in file for RailGun Host\n- Moved CloudFlare RailGun install process and config process to separate functions\n\n**Bug Fixes:**\n- Fixed/Updated URL to download ConfigServer Firewall install file\n- Fixed incorrect function call for MySQL Tuner install\n\n**Other:**\n- Removed prompt to install CleanBackups\n- Removed prompt to install PHP.ini Manager\n- Removed prompt to install Account DNS Check\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftripflex%2Fcpsetup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftripflex%2Fcpsetup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftripflex%2Fcpsetup/lists"}